It may not be a big market that the masses are clamoring for, but it will soon be similar to services encrypting passwords in the database. The outside world shouldn't be expected to know about the existence of rainbow tables and the futility of md5-hashes. The educated, however, know what to demand, will expect their services to offer it, and will leave lacking-services for support-services - and in their exodus the masses inevitably follow (e.g. Hotmail -> GMail)
I think you are right. The only thing holding back cryptography from being widely adopted is the lack of a service that makes strong cryptography super easy to setup and use. I know this isn't a trivial task, but it's not impossible to implement strong crypto in a user-friendly way.
> The educated, however, know what to demand, will expect their services to offer it, and will leave lacking-services for support-services - and in their exodus the masses inevitably follow (e.g. Hotmail -> GMail)
That's not how it works.
People didn't leave Hotmail because the "educated" left, they left it because Google gave several GBs for free, the interface was simpler, the search better and MS was out of fashion.
If you're not a large market you don't get a service, or you only get niche vendors to cater to you. You can bypass this by setting trends for the "uneducated" (whatever that means), else we will all be using Lisp Machines or Smalltalk environments.
Educated/uneducated may not be the right terms, but it is possible to have hindsight just by understanding the landscape.
Privacy is becoming a large problem in the internet and encryption will likely be part of the solution. Without encryption, the ownership of data is on the service provider instead of the person.
Privacy is a feature just like free storage. One day, privacy can be available to the masses just like storage is today. (also think back how many people actually wanted or needed multiple gb of free storage for their emails until one was provided by a service like gmail)
This is wrong. SOX compliant fortune 500 companies can't legally use dropbox due to confidentiality requirements. Adding encryption would fix the confidentiality issues.
The BIGGEST deepest pockets would pay handsomely for this.
How would you verify that they never got your encryption key? You installed their software on your computer. How can you be sure it never sent your key to their server?
The same way you can be sure that any of the hundreds or thousands of other programs installed on your computer are not keylogging and sending your passphrases and plans for world domination to the NSA, Bilderberg Group, and the Russian mob.
That is to say, you can't be sure. However, Dropbox is a company in good legal standing, and they have a lot to lose if they offered client side encryption and then leaked the passphrase.
Spideroak (definitely) and Backblaze (I think?) already have client software which offers client side encryption. Whether you trust them is up to you.
I'm launching a product shortly that offers exactly this feature to Dropbox (or Google Drive, SkyDrive, ...). It's a native OSX and Windows app that keeps the keys on the users' computer and transparently encrypts and decrypts files before they're sent to your cloud storage provider.
The product is in beta right now but I'd love some more people to try it out. If you sign up at http://safeboxapp.com, you'll get a download link to try it out.
Unlike BoxCryptor, it's not based on an encrypted volume. Instead, files and directories in a designated folder are individually encrypted (much like Dropbox).
I would too. I would pay maybe $100+ a year for this, even for only 4GB or whatever I currently have on Dropbox. But maybe this still wouldn't be profitable to develop if only a small group of paranoid users would buy it.
